Re: ISSUE-22 (ac4csr-webarch): The AC4CSR spec and "webarch" [Access Control] from Anne van Kesteren on 2008-01-28 (public-appformats@w3.org from January 2008)

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 28 Jan 2008 12:12:34 +0100
To: "Web Application Formats Working Group WG" <public-appformats@w3.org>
Message-ID: <op.t5mz28ff64w2qv@annevk-t60.oslo.opera.com>

On Mon, 28 Jan 2008 03:05:32 +0100, Web Application Formats Working Group  
Issue Tracker <sysbot+tracker@w3.org> wrote:
> ISSUE-22 (ac4csr-webarch): The AC4CSR spec and "webarch" [Access Control]
>
> http://www.w3.org/2005/06/tracker/waf/issues/
>
> Raised by: Arthur Barstow
> On product: Access Control
>
> Tyler Close asserts the AC4CSR spec is "counter to what webarch tries to  
> encourage" regarding:
> [[
>  Good practice: Identify with URIs
>  <http://www.w3.org/TR/webarch/#pr-use-uris>
> ]]

This is not what the issue is about. As far as I can tell this is a  
duplicate of the server vs client issue. I think it's a bit of stretch to  
say that we're going against the Web architecture. If anything, our  
solution tries to impact the Web architecture as little as possible. We're  
not requiring people to use a specific technology to do cross-site  
requests. We're not trying to impose limits on HTTP by only letting SOAP  
go cross-site or something weird like that.

The only quibble here is that Access Control, like robots.txt,  
favicon.ico, P3P, style sheets, etc. has a per-resource policy, but unlike  
robots.txt, favicon.ico, and P3P does not have a per-origin (scheme,  
domain, port) policy. And I strongly believe that we should not go there  
now.

-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>

Received on Monday, 28 January 2008 11:09:35 UTC